Add XFRM_MIGRATE support and freeze INetd v12.
This commit updates netd_aidl_interface to support
migrating an IPsec tunnel mode SA to different source
and destination addresses.
server/aidl_api/netd_aidl_interface/12/ are generated
by "m netd_aidl_interface-freeze-api"
Bug: 169170985
Test: atest netd_integration_test (new tests)
Change-Id: I89b54272c1528f12e6351819e0efe666af7a2946
diff --git a/staticlibs/netd/binder/android/net/INetd.aidl b/staticlibs/netd/binder/android/net/INetd.aidl
index 8bf8e5b..dff07c6 100644
--- a/staticlibs/netd/binder/android/net/INetd.aidl
+++ b/staticlibs/netd/binder/android/net/INetd.aidl
@@ -18,6 +18,7 @@
import android.net.INetdUnsolicitedEventListener;
import android.net.InterfaceConfigurationParcel;
+import android.net.IpSecMigrateInfoParcel;
import android.net.MarkMaskParcel;
import android.net.NativeNetworkConfig;
import android.net.RouteInfoParcel;
@@ -265,7 +266,7 @@
int spi);
/**
- * Create an IpSec Security Association describing how ip(v6) traffic will be encrypted
+ * Update an IPsec SA (xfrm_state) describing how ip(v6) traffic will be encrypted
* or decrypted.
*
* @param transformId a unique identifier for allocated resources
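Review bot: The reworded summary line drops "Create", so the comment now reads as if the call only modifies an SA that already exists. The declaration it documents sits below the hunk; if it is the add-SA call that the new ipSecMigrate comment points callers to, it presumably still covers first-time installation, and a reader of the frozen v12 API should not have to guess which case applies. I would word it `* Create or update an IPsec SA (xfrm_state) describing how ip(v6) traffic will be encrypted`.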
@@ -1396,4 +1397,27 @@
* unix errno.
*/
void networkRemoveUidRangesParcel(in NativeUidRangeConfig uidRangesConfig);
+
+ /**
+ * Migrate an existing IPsec tunnel mode SA to different addresses.
+ *
+ * If the underlying network also changes, caller must update it by
+ * calling ipSecAddSecurityAssociation.
+ *
+ * @param migrateInfo parcelable with migration info.
+ *
+ * @throws ServiceSpecificException in case of failure, with an error code indicating the
+ * cause of the failure.
+ */
+ void ipSecMigrate(in android.net.IpSecMigrateInfoParcel migrateInfo);
+
+ /**
+ * IPSEC_DIRECTION_IN is used for IPsec SAs or policies that direct traffic towards the host.
+ */
+ const int IPSEC_DIRECTION_IN = 0;
+
+ /**
+ * IPSEC_DIRECTION_OUT is used for IPsec SAs or policies that direct traffic away from the host.
+ */
+ const int IPSEC_DIRECTION_OUT = 1;
}
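Review bot: The Javadoc on `ipSecMigrate` does not say how the SA to migrate is selected or which values the call rejects, and `@param migrateInfo parcelable with migration info.` only restates the type. IpSecMigrateInfoParcel is defined outside this diff, so the comment should name the fields that identify the SA and state that the direction must be `IPSEC_DIRECTION_IN` or `IPSEC_DIRECTION_OUT`, with the error code returned for anything else. It should also say whether ipSecAddSecurityAssociation has to be called before or after the migrate when the underlying network changes, because a wrong order could leave the SA bound to the old network. The two direction constants would benefit from a line saying which parcel field consumes them. Minor style point: the signature spells out the package although the first hunk adds the import; `void ipSecMigrate(in IpSecMigrateInfoParcel migrateInfo);` would match `networkRemoveUidRangesParcel` just above.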